CVE-2026-1405
Published 2026-02-19
Priority P1 · 86 · critical · CVSS 3.1 base score 9.8
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Tags: ITW (exploited in the wild) · Exploit · VulnCheck KEV
EPSS: 3.18% (86.4th percentile)
The Slider Future plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'slider_future_handle_image_upload' function in all versions up to, and including, 1.0.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| franchidesign | slider_future | <= 1.0.5 | — |
Detection & IOCs (extracted from sources)
- Detect unauthenticated POST requests to the Slider Future upload endpoint /wp-json/slider-future/v1/upload-image/ with a JSON body containing an 'image_url' key; no authentication headers are required.
- A successful exploit response returns HTTP 200 with Content-Type application/json and a body containing both 'url' and 'wp-content', indicating a file was fetched and stored under the WordPress uploads directory.
- The vulnerable function is 'slider_future_handle_image_upload'; monitor for this function name in WordPress debug logs or stack traces as evidence of exploitation attempts.
- Out-of-band interaction (HTTP or DNS callback) via interactsh/OAST is used by exploit templates to confirm the SSRF-assisted file fetch; monitor for unexpected outbound HTTP/DNS from the WordPress server triggered by this endpoint.
- The vulnerability affects all versions up to and including 1.0.5 of the Slider Future WordPress plugin; versions beyond 1.0.5 are not affected.
- Exploitation requires no authentication whatsoever; any unauthenticated network attacker can trigger the upload endpoint.
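To turn the request and response indicators above into a repeatable check, here is an added example (not code from the page's sources or from the plugin) that runs those signatures over constructed, proxy-style request/response records and also tolerates trailing slashes and query strings on the endpoint path. The record layout, the sample addresses and the header names used to tell authenticated plugin use apart from unauthenticated hits are assumptions.

```python
import json
from urllib.parse import urlsplit

UPLOAD_PATH = "/wp-json/slider-future/v1/upload-image"
AUTH_HEADERS = {"cookie", "authorization", "x-wp-nonce"}
# Constructed sample events (not real traffic), shaped like reverse-proxy/WAF records.
SAMPLE_EVENTS = [
    {"src": "198.51.100.7", "method": "POST", "url": "/wp-json/slider-future/v1/upload-image/",
     "req_headers": {"Content-Type": "application/json"}, "req_body": '{"image_url": "http://203.0.113.9/x.png"}',
     "status": 200, "resp_headers": {"Content-Type": "application/json; charset=UTF-8"},
     "resp_body": '{"url": "https://blog.example/wp-content/uploads/2026/02/x.png"}'},
    {"src": "198.51.100.8", "method": "POST", "url": "/wp-json/slider-future/v1/upload-image?_=1",
     "req_headers": {"Content-Type": "application/json"}, "req_body": '{"image_url": "http://203.0.113.9/y.png"}',
     "status": 500, "resp_headers": {"Content-Type": "text/html"}, "resp_body": "<html>error</html>"},
    {"src": "10.0.0.12", "method": "POST", "url": "/wp-json/slider-future/v1/upload-image/",
     "req_headers": {"Content-Type": "application/json", "Cookie": "wordpress_logged_in_x=..."},
     "req_body": '{"image_url": "https://cdn.example/a.png"}', "status": 200,
     "resp_headers": {"Content-Type": "application/json"}, "resp_body": '{"url": "https://blog.example/wp-content/uploads/a.png"}'},
    {"src": "192.0.2.5", "method": "GET", "url": "/wp-json/wp/v2/posts", "req_headers": {}, "req_body": "",
     "status": 200, "resp_headers": {"Content-Type": "application/json"}, "resp_body": "[]"},
]

def is_upload_attempt(ev):
    """POST to the Slider Future upload endpoint whose JSON body carries an 'image_url' key."""
    if ev["method"].upper() != "POST" or urlsplit(ev["url"]).path.lower().rstrip("/") != UPLOAD_PATH:
        return False
    try:
        body = json.loads(ev["req_body"])
    except (ValueError, TypeError):
        return False
    return isinstance(body, dict) and "image_url" in body

def is_successful_fetch(ev):
    """HTTP 200 JSON response naming a stored file under wp-content (the IOC list's success signature)."""
    ctype = {k.lower(): v for k, v in ev["resp_headers"].items()}.get("content-type", "")
    body = ev["resp_body"] or ""
    return ev["status"] == 200 and ctype.startswith("application/json") and "url" in body and "wp-content" in body

def triage(events):
    """Verdict per matching event: exploit-success, exploit-attempt, or authenticated-use."""
    findings = []
    for ev in events:
        if not is_upload_attempt(ev):
            continue
        if {k.lower() for k in ev["req_headers"]} & AUTH_HEADERS:  # session cookie, nonce or token present
            findings.append((ev["src"], "authenticated-use"))
        else:
            findings.append((ev["src"], "exploit-success" if is_successful_fetch(ev) else "exploit-attempt"))
    return findings
```

An exploit-success verdict is the one to escalate: the file named in the response body is now on disk under the uploads directory and should be inspected and removed.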
CVSS provenance
- NVD: CVSS v3.1 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- VulnCheck: 9.8 CRITICAL
GHSA
GHSA-qq55-xggh-hmxg · ghsa_unreviewed · 2026-02-19 · CVE-2026-1405 [CRITICAL] · CWE-434
VulnCheck
Unrestricted Upload of File with Dangerous Type · vulncheck · 2026 · CVSS 9.8 · CVE-2026-1405 [CRITICAL]
Affected: franchidesign Slider Future
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2026-04-06&host_type=src&vulnerability=cve-2026-1405
Exploit PoC: https://vulnchec
No detection rules found.
Nuclei
WordPress Slider Future <= 1.0.5 - Unauthenticated Arbitrary File Upload · nuclei · CVSS 9.8 · CVE-2026-1405 [CRITICAL]
Slider Future WordPress plugin <= 1.0.5 contains an unrestricted file upload vulnerability caused by missing file type validation in 'slider_future_handle_image_upload', letting unauthenticated attackers upload arbitrary files; the exploit requires no authentication.
Template:

```yaml
id: CVE-2026-1405

info:
  name: WordPress Slider Future <= 1.0.5 - Unauthenticated Arbitrary File Upload
  author: pussycat0x
  severity: critical
  description: |
    Slider Future WordPress plugin <= 1.0.5 contains an unrestricted file upload vulnerability caused by missing file type validation in 'slider_future_handle_image_upload', letting unauthenticated attackers upload arbitrary files, exploit requires no authentication.
  remediation: |
    Update to a ve
```
Wiz
CVE-2026-1405 Impact, Exploitability, and Mitigation Steps | Wiz · blogs_wiz · CVSS 9.8 · CVE-2026-1405 [CRITICAL]
## CVE-2026-1405: WordPress vulnerability analysis and mitigation
Source: NVD
- Score: 9.8
- Published: February 19, 2026
- Severity: CRITICAL
- CNA Score: 9.8
- Affected Technologies: WordPress
- Has Public Exploit: Yes
- Has CISA KEV Exploit: No
- CISA KEV Release Date: N/A
- CISA KEV Due Date: N/A
- Exploitation Probability Percentile (EPSS): 95.2
- Exploitation Probability (EPSS): 18.1
- Affected packages and libraries: slider-future
GreyNoise
NoiseLetter February 2026 · blogs_greynoiseio